Author Topic: [Resolved] my sister computer needs help  (Read 4628 times)


Offline Joseph Gosselin

  • Bronze Member
  • Posts: 47
Re: [In Progress] my sister computer needs help
« Reply #45 on: August 21, 2011, 03:52:55 PM »
I ran sfc and was able to run msconfig and put the setting back. I still think we have a memory leak. Thanks for the help so far.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22623
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] my sister computer needs help
« Reply #46 on: August 21, 2011, 04:26:24 PM »
How is the computer running? Why do you think you have a memory leak?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #47 on: August 23, 2011, 08:20:21 PM »
I think it has a memory leak because the memory keeps creeping up and down but is always on the full side.

When I try to run HijackThis I get an error message, attachment 1, then when it says to create a log file, attachment 2, nothing happens. I get a blank Notepad.

Besides the storage problem, everything seems alright.

Offline Hoov

Re: [In Progress] my sister computer needs help
« Reply #48 on: August 23, 2011, 08:39:15 PM »
First about the memory, how much do you have installed, and how much is in use? Have you ever modified your swap file size?

About hijackthis, did you right click on it and select run as administrator?

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #49 on: August 26, 2011, 06:49:52 PM »
First of all, I think I was using the wrong terminology when talking about "memory leak". I was trying to refer to hard disk space. Please see the attachments. We do not know why it is so full. Even when we erase stuff it fills it up again.

I don't get the option to run as administrator when following your instructions. The attachment shows the options when I right-click on the icon.

 

Offline Hoov

Re: [In Progress] my sister computer needs help
« Reply #50 on: August 26, 2011, 07:45:08 PM »
First, screenshots. If you go to the Start button, then to All Programs, then to Accessories, there is a program called Snipping Tool. If you run that you can use the tool to select the area you want to show and then save that as an image and post that. It will give you much smaller files, and you won't have to show everything on your desktop.

Next I would like you to first run ccleaner again on your computer and cleanup anything it tells you to.

Next please download a program called WinDirStat and install it, then run it. Let it scan all your drives. You will end up with a window like the one below. Over on the right side up at the top is a list of file types. Let me know which file type is at the top. Also if you put your mouse pointer over the colored blocks that make up the largest group, on the bottom of the window on the left side it will tell you the location. I don't need the file name, just the location.

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #51 on: August 26, 2011, 09:25:07 PM »
OK, so I ran the program and the most grouped blocks were tmp files. The location of the files is C:\Windows\winXXXX.tmp
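
The WinDirStat check requested in this exchange (which file type holds the most space, and which folder holds most of it) can also be scripted. The following is an added example, not part of the original thread: the function names and the sample directory tree are constructed for illustration, and only the `win*.tmp` pattern comes from the reply above.

```python
import fnmatch
import os
import sys
import tempfile
from collections import Counter


def summarize_usage(root):
    """Total file sizes under root by extension and by (extension, folder)."""
    by_ext = Counter()
    by_ext_dir = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                # lstat: do not follow links, so nothing is counted twice
                size = os.lstat(os.path.join(dirpath, name)).st_size
            except OSError:
                continue  # locked or already-deleted file: skip it
            ext = os.path.splitext(name)[1].lower() or "(no extension)"
            by_ext[ext] += size
            by_ext_dir[(ext, dirpath)] += size
    return by_ext, by_ext_dir


def top_consumer(root):
    """Return (extension, total bytes, busiest folder, bytes in that folder)."""
    by_ext, by_ext_dir = summarize_usage(root)
    if not by_ext:
        return None
    ext, total = by_ext.most_common(1)[0]
    per_dir = {d: s for (e, d), s in by_ext_dir.items() if e == ext}
    directory = max(per_dir, key=per_dir.get)
    return ext, total, directory, per_dir[directory]


def count_matching(directory, pattern="win*.tmp"):
    """Count files directly inside directory whose name matches pattern."""
    count = size = 0
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if fnmatch.fnmatch(entry.name.lower(), pattern.lower()):
                count += 1
                size += entry.stat(follow_symlinks=False).st_size
    return count, size


def build_sample_tree(root):
    """Constructed sample data: a tiny stand-in for the disk in the thread."""
    files = {"Windows/notepad.exe": 3000,
             "Users/Nora/AppData/Local/Temp/setup.tmp": 1000,
             "Users/Nora/Documents/letter.txt": 2000}
    for i in range(5):
        files["Windows/win%04d.tmp" % i] = 4096
    for rel, size in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


def report(root):
    result = top_consumer(root)
    if result is None:
        print("no files found under", root)
        return
    ext, total, directory, dir_total = result
    count, size = count_matching(directory)
    print("largest file type: %s (%d bytes)" % (ext, total))
    print("mostly located in: %s (%d bytes)" % (directory, dir_total))
    print("win*.tmp files there: %d (%d bytes)" % (count, size))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        report(sys.argv[1])  # e.g. python usage.py C:\
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_tree(demo)
            report(demo)
```

Recording the `win*.tmp` count before and after a clean boot shows whether the files are still being recreated.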

Offline Hoov

Re: [In Progress] my sister computer needs help
« Reply #52 on: August 26, 2011, 09:55:02 PM »
Please download ATF Cleaner by Atribune.

This program is for Windows 98/ME/2K/XP and Vista

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim

Offline Hoov

Re: [In Progress] my sister computer needs help
« Reply #53 on: August 26, 2011, 10:03:37 PM »
I just thought of something that may help us.

I need you to reboot Windows cleanly. To do that, please go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services. Now go up and uncheck all the services still listed; make sure you scroll down the list if needed to unselect all the non-Microsoft services. Now click Apply, then click OK and reboot the computer.

Now see if you can clean up some of the temporary files and not have them recreated.

Let me know if that works.

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #54 on: August 28, 2011, 04:14:57 PM »
I went on msconfig and disabled the programs you wanted me to, but I am not able to go on the internet. I am not sure if the computer is losing memory. Should I erase all the memory and leave the computer running in clean mode, then in the regular mode (with the programs in msconfig turned on)?

Here is the superscanner log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/27/2011 at 12:45 PM

Application Version : 5.0.1118

Core Rules Database Version : 7613
Trace Rules Database Version: 5425

Scan type       : Quick Scan
Total Scan Time : 01:13:27

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 561
Memory threats detected   : 0
Registry items scanned    : 31426
Registry threats detected : 0
File items scanned        : 33195
File threats detected     : 0

Offline Hoov

Re: [In Progress] my sister computer needs help
« Reply #55 on: August 29, 2011, 05:52:07 PM »
Please run combofix again. After that has finished running, please run a FULL scan with Malwarebytes' Anti-Malware instead of a quick scan.

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #56 on: August 29, 2011, 09:31:04 PM »
OK, so here is the ComboFix log


ComboFix 11-08-29.03 - Nora 08/29/2011  20:26:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1979.1023 [GMT -7:00]
Running from: c:\users\Nora\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-28 to 2011-08-30  )))))))))))))))))))))))))))))))
.
.
2011-08-30 04:14 . 2011-08-30 04:14   --------   d-----w-   c:\users\Nora\AppData\Local\temp
2011-08-30 04:14 . 2011-08-30 04:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-08-27 20:12 . 2011-08-27 20:12   --------   d-----w-   c:\users\Nora\AppData\Roaming\Runscanner.net
2011-08-27 18:24 . 2011-08-27 18:24   --------   d-----w-   c:\users\Nora\AppData\Roaming\SUPERAntiSpyware.com
2011-08-27 18:23 . 2011-08-27 18:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-08-27 18:23 . 2011-08-27 18:23   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-08-27 06:03 . 2011-08-27 06:03   --------   d-----w-   c:\program files\WinDirStat
2011-08-27 05:55 . 2011-08-27 05:55   --------   d-----w-   c:\program files\CCleaner
2011-08-24 03:10 . 2011-07-11 13:25   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-08-18 01:19 . 2011-08-18 01:19   388096   ----a-r-   c:\users\Nora\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-18 01:19 . 2011-08-18 01:19   --------   d-----w-   c:\program files\Trend Micro
2011-08-07 21:43 . 2011-07-07 02:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 21:43 . 2011-08-07 21:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-08-07 21:43 . 2011-07-07 02:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-05 10:56 . 2011-08-07 02:20   --------   d-----w-   c:\programdata\STOPzilla!
2011-08-05 05:37 . 2011-08-07 22:40   --------   d--h--w-   c:\users\Nora\AppData\Local\MicrosoftNT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 06:42 . 2011-07-16 06:42   652296   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-16 06:41 . 2011-07-16 06:41   749832   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-16 06:41 . 2011-07-16 06:41   416128   ----a-w-   c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-06-25 07:09 . 2011-06-25 07:09   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34 . 2011-07-13 20:17   2043392   ----a-w-   c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-06-21 02:17   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-05 00:50   1197448   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17   1261568   ----a-w-   c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38   34672   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
2008-02-21 22:02   152952   ----a-w-   c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-21 10:18   159744   ----a-w-   c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 05:42   34040   ----a-w-   c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 23:52   51048   ----a-w-   c:\program files\Common Files\Symantec Shared\CCAPP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25   125952   ----a-w-   c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-08-01 16:51   405504   ----a-w-   c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-16 22:19   136176   ----atw-   c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 03:45   171032   ----a-w-   c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 03:45   136216   ----a-w-   c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-02 03:36   850440   ----a-w-   c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxamon]
2008-06-13 16:04   16040   ----a-w-   c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxmon.exe]
2008-06-13 16:04   668328   ----a-w-   c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-07-07 02:52   1047656   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 14:50   988512   ----a-w-   c:\program files\Norton 360\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 03:45   170520   ----a-w-   c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-17 03:50   6111232   ----a-w-   c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15   1826816   ----a-w-   c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-28 98984]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:56]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:56]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179011211-1787922989-1093665615-1003Core.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 22:19]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179011211-1787922989-1093665615-1003UA.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 22:19]
.
2011-08-30 c:\windows\Tasks\User_Feed_Synchronization-{A67B2B58-20A6-48DA-B10B-789D0CD39DB6}.job
- c:\windows\system32\msfeedssync.exe [2011-08-13 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fitnessmagazine.com/videos/m/35164840/booty-swirl.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=extensa_4630z
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\88g1mb28.default\
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-29  21:21:28
ComboFix-quarantined-files.txt  2011-08-30 04:20
ComboFix2.txt  2011-08-09 05:02
.
Pre-Run: 377,270,272 bytes free
Post-Run: 335,515,648 bytes free
.
- - End Of File - - FA52BE71DC3BDC8A0D6A5B68CDBE17B1

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #57 on: August 29, 2011, 09:31:51 PM »
And here is the Malwarebytes log



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7607

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/29/2011 11:22:56 PM
mbam-log-2011-08-29 (23-22-56).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 327137
Time elapsed: 1 hour(s), 55 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline Hoov

Re: [In Progress] my sister computer needs help
« Reply #58 on: August 30, 2011, 07:13:57 PM »
But your drive is still getting filled up?

Offline Joseph Gosselin

Re: [In Progress] my sister computer needs help
« Reply #59 on: August 31, 2011, 06:20:56 PM »
It is hard to tell because there is so little space left.

I have just now deleted 2000 tmp files and freed up 20 GB of space. How about we use the computer for about a day to see if there is a memory loss.