8 steps followed - logs attached

[LouH]

Hi

I have completed the 8 steps and attached my logs.

I have had issues with IE where the virtual memory becomes large and results in an error where "Virtual Memory is too low". I've reinstalled the latest version of IE but this problem still occurs. I have recently noticed that more than one instance of iexplore.exe opening when only one browser is open which has led me to undertake 8 steps.

I don't appear to be able to backup any files - tried to use my iPod then burning a DVD. Also, I can no longer connect my iPod to my computer. I have tried to reformat it without success.

Any assistance would be greatly appreciated.

Many thanks

 

[Bobbye]

Right off I'm going to let you know that if you're using IE v8, multiple iexplore.exe processes are normal. I will also tell you that virtual memory is a setting that can be increased or decreased. It may have nothing to do with malware.

I'm going to check your logs now, but I would like you to explain what happens when this fails:

I don't appear to be able to backup any files - tried to use my iPod then burning a DVD. Also, I can no longer connect my iPod to my computer. I have tried to reformat it without success.

Do you get an error message? What? You state 4 different failures: can't backup, can't burn DVD and can't connect iPod to the computer, can't reformat. What happens when you try to do each of these? The same thing? What? Something different? What?

And does the problem seems to be related to the iPod and DVD exclusively or other parts of the system?

 

[Bobbye]

About Virtual Memory: Where you find it and what it means:

Task Manager Performance Tab:

http://technet.microsoft.com/en-us/library/cc938567.aspx

The formula for setting: the virtual memory paging file: is 1.5 times the physical RAM on your computer. For example: 1GB of installed RAM will have 1.5GB of virtual memory.

How to set performance options in Windows XP

Sources: Microsoft Support, TechNet.

 

[LouH]

Hi Bobbye

Thanks so much for your reply. I've provided as much detail as I can. I'm not an overly technical person so my descriptions may not be what you would expect .

DVD
I created a DVD to backup some key files on my computer. When I went to review the content, any folder on the Cd was blank when I clicked to open.

iPod
I had decided to backup key files to my iPod. I have the option turned on to enable disk use. Some files copied however there was a copying problem during this process. Error msg is below.

The iPod error msg in iTunes is - "The iPod cannot be synced. The required file cannot be found." I cannot update my iPod.

I also get a bubble pop up of "Windows - Delayed Write Failed. Windows was unable to save all the data for the file F:. The data has been lost. This error may be caused by a failure of your computer hardware or network connection".

When I open my iPod in My Computer it shows no files. I right clicked to Format the drive but nothing happens.

Virtual Memory
The virtual memory issue - I have had IE open for approx 5mins now and the Mem Usage is 25,340K and VM Size is 102,396K. The VM size will continue to grow until the Virtual Memory Low bubble appears. I've had this laptop for a few years now. This error has been appearing in the last few months under a previous version of IE. The advice I had was to upgrade to IE8 to resolve the issue but it is still appearing.

Double iexplore.exe
I Googled this problem and was taken to this website which indicated it was a virus so I went through each of the 8 steps assuming this was the case.

Please let me know if there is any other information I can provide.

Many thanks
Louise

 

[Bobbye]

Louise, I am not familiar with the backup process and requirements for an iPod. I suggest you post that problem in the Hardware problem.

Some things about IE8: see this> IE8 - What Are They Thinking?

While multiple iexplore.exe processes are normal in IE8, Malware can hide in almost any name. So if there are problem that indicate this might be possible, it's always best to rule it out-or in!

As for upgrading to fix a Virtual Memory problem, that also shouldn't be recommended as a fix. Most people recommend upgrades for repair because they don't know how to troubleshoot. I've given you what you need to work out your Virtual Memory setting.

Go ahead and run Combofix:
Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  
• Double click on the setup file on the desktop to run
• If prompted to download and install the Recovery Console, please do so.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
• If prompted to update, please allow.
• Click on Yes, to continue scanning for malware.
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

.\
========================================
I would also like to point out some things I noticed in the HJT log: the system has a lot of bosses! Here are some examples:
All running, related to touchpad/keyboard/special keys
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe> enables the use of some of the special Fn keyboard keys
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe>> Deals with the - key combinations on a Toshiba laptop
C:\Program Files\Apoint2K\Apoint.exe>> Alps Pointing-device Driver> Laptop touchpad.
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe>> offers easy movement and freedom of programs navigation with TouchPad
C:\WINDOWS\system32\TCtrlIOHook.exe> Toshiba Control Utility Hotkey Hook.

All related to the connectivity: (N is for 'doesn't need to start on boot, Y is needed)
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe>> Toshiba's wireless card configuration utility.> N
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe> Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
File Location: > Y
C:\DRIVERS\CONFIG FREE\Package\NDSFiles\NDSTray.exe> Toshiba Tray utility for their network switching application> Y/N depending on frequency of switching
C:\Program Files\OptusNet DSL Internet\DSC.exe>> OptusNet DSL or Dial-Up connection software. Reports have shown that this file can cause a huge drain in resources and that disabling it will cause no problems. N
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe> synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu.> N
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe> Nokia Connectivity Library support task>N

Unnecessary use of resources
c:\WINDOWS\system32\TPSMain.exe>> TOSHIBA Power Saver.
:\WINDOWS\system32\TPSBattM.exe>> TPSBattM.exe

Take the printer and scanner off of startup. There are [8] Canon processes running.
There are other processes that don't need to start on boot and run in the background.

Toshiba, like all computer manufacturers, preloads a lot of junk on their systems. Most people don't t know it's there and most don't use it. If it starts on boot, it's using valuable system processes that can better be used elsewhere.

 

[LouH]

I ran ComboFix. Results are attached.
I've also changed the Virtual Memory setting.

Thanks
Louise

 

[Bobbye]

• 
  [1]. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad and copy/paste the text in the code below into it:

File::
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\documents and settings\Louise\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe

Folder::

RegLock::
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]


Driver::

FCopy::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
==============================
Run Eset NOD32 Online AntiVirus Scanner HERE

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

=====================================
The following entry is still loading, seen first in HJT, currently in Combofix. IF you did not set a start page to disable as a blank page, the following entry needs to be checked and removed by HJT:

Reopen HJT to 'do system scan only.' Check the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Close all Windows except HJT and click on "Fix Checked."
==========================
Recommended for Real Player:

• 
  [1]. UNCHECK all 'Real', Real Player' and 'Real One' entries on the Startup menu. Also untick TkBellExe
  [2]. If you use Real Player disable the auto-update feature in your Tools- Preferences- Automatic Services- AutoUpdate (In RealPlayer).
  [3].Right click on Start> Exp[ore> Programs> Common> Real Update> right click> delete the file "realshed.exe"

============================
Have you given any consideration to the duplication of and possible conflicts from the programs I grouped for you?




__________________