Annoyances.org
Home » Windows XP Discussion Forum » Message 1140983421 » Entire Thread Search | Help | Home
  
"low RAM" suddenly occuring
Showing all messages in thread #1140983421
Windows XP Annoyances Discussion Forum

The following are all of the messages in this thread (13 in all), shown in chronological order. Click any message subject to view that message by itself or to view the thread hierarchy.
"low RAM" suddenly occuring
Sunday, February 26, 2006 at 11:50 am
Posted by Vikitty (14 messages posted) 

I'm running Windows XP with 256mb of RAM and have never had any problems until a 
few days ago. I went to open Photoshop and I got the error "Unable to intitialize; 
not enough RAM."

I downloaded MemTurbo (a friend recommended it) to investigate and it said I only 
had about 40mb of RAM left. After defragging my C:/ and using MemTurbo's RAM recover 
tool it will go up to 150mb but then quickly start decreasing again.

I've heard that you need 512mb to run Windows XP at optimum performance, but I'm 
a student without the funds and I've had this computer and setup for three years 
and have never had any difficulties with RAM before.

Any insight would be greatly appreciated. Again, I'm curious as to what caused this 
to start happening because it's just so random that it would start happening now.

[Reply or follow-up to this message]

Tip: Run a free scan for common Windows errors ad

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 12:01 pm
Posted by Steve (21645 messages posted)

Probably some piece of recently installed Malware using the rest of the Ram.

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 12:06 pm
Posted by Vikitty (14 messages posted) 

Thanks for the quick reply! :) That might just be it.

I've run Lavasoft Adware, Spyware S&D and AVG and fixed all the problems it found. 
Can you recommend another program that might find something the others have missed?

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 12:13 pm
Posted by Steve (21645 messages posted)

That is a good start, if they found a lot of things to fix, beyond Advertising Cookies then more can be done. A few online Virus scans can usually pickup on newer Malware. Some other Posters should have some Links to a good Malware removal routines. These routines are posted in a lot of the threads here already if you browse through some of them.

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 12:23 pm
Posted by MrCharlie (4141 messages posted) 


I have 1gig of Kingston on my XP machine!

Try this for "another program"

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
1. When installing, under "Additional Options" uncheck "Install background guard" 
and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could 
not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start 
update button.
4. After the update finishes (the status bar at the bottom will display "Update successful")
5. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgrLet 
it scan your system for files to remove. Make sure these 3 are checked and then press 
*ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

6. Reboot into safe mode
You can do this by restarting your computer and continually tapping the F8 key until 
a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

7. Run Ewido Security Suite --- Do a "Complete System Scan"
Let it clean all files
8. Once the scan has completed, there will be a button located on the bottom of the 
screen named Save report Click Save report. Save the report .txt file to your desktop.


Good Luck,  MrC

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 3:22 pm
Posted by Vikitty (14 messages posted) 

Thanks for the help!

I followed your instructions and it found 137 problems, most of them were cookies. 
Now that I'm back in normal mode, it hasn't solved the problem.

When I booted into safe mode, however, I noticed MemTurbo was at a constant 150-160mb 
of RAM free, with no significant change while I was running the scan. So obviously 
the problem is related to the processes I have running now, but I'm not sure which 
ones I can get rid of without damaging my computer.

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 3:39 pm
Posted by MrCharlie (4141 messages posted) 



Lets see if a HJT log shows anything.

Please download HiJackThis into its own permanent folder,
example: C:\MyHJT\HJT.exe, C:\Program Files\MYHJT\HJT.exe or C:\MyDocuments\MyHJT\HJT.exe
DownloadHJT

Double click on it to open it up, hit the Do a system scan and save log button, 
WordPad will open and  it will be saved in the folder, copy and paste the entire 
log into your reply. (use edit > select all > copy > paste it into your reply)

 Please make sure you check the "preserve spacing button" on 
the bottom of the posting page.

HERE---->[X]Check this box to 
preserve your spacing, or leave it unchecked to have your text wrapped automatically. 
Tip: Don't use this option unless you really need it; use the preview feature on 
the next page if you're not sure. 

MrC

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 4:26 pm
Posted by Vikitty (14 messages posted) 

Holy cow, this thing is long.

Logfile of HijackThis v1.99.1
Scan saved at 4:22:35 PM, on 26/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\YSIGet\YSIGet.exe
C:\Program Files\Trillian\trillian.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program 
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: YSIGet Browser Helper Object - {FCF9FD72-694D-411f-A322-D002CB13735F} - 
C:\Program Files\YSIGet\YSIGet.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo 
Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP 7 Home\ftpte.exe"
O4 - HKCU\..\Run: [μTorrent] "C:\!Valerie's Stuff\utorrent.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation 
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup 
Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl 
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) 
- 
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) 
- 
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) 
- http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - 
http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bw+0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\m0820aloedqc0.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe 
Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido 
anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - 
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 4:56 pm
Posted by MrCharlie (4141 messages posted) 


You're way behind on your Windows Updates - without them you're a "sitting duck"!
Platform: Windows XP SP1 (WinNT 5.01.2600)

----------------------

This entry is from a L2M infection. We'll deal with it in a moment: 
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\m0820aloedqc0.dll (file missing)

----------------------

First, please disable Desktop Messenger

How can I disable it?
To disable this service, simply go to "Start," "Programs," "Logitech," and click 
on "Desktop Messenger." There are two check boxes which are self descriptive. You 
can choose to disable either or both check boxes. (I would do both)

--------------------------------------

Next.....
Download  Look2Me-Destroyer at the link below - follow the directions - don't run 
it yet.

http://www.atribune.org/content/view/28/


Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items:

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01)
-
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
-
ALL of these 018s from DesktopMessenge:
O18 - Protocol: bw+0s - {D1477812-7BA1-48A8-A910-2BCC2C02E683} - C:\Program Files\Logitech\DesktopMessenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\m0820aloedqc0.dll (file missing)

Click on Fix Checked and exit HijackThis.

Now run Look2Me-Destroyer

Reboot and post a fresh HJT log and the log form Look2Me-Destroyer  -   C:\Look2Me-Destroyer.txt. 
  MrC

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Sunday, February 26, 2006 at 5:45 pm
Posted by Vikitty (14 messages posted) 

Yeah, I've tried installing SP2 but it's yet to work so I'm going to have to stick 
with SP1 until I get my new computer next year. I do install the updates when they 
come up, though, it's just SP2 that has given me trouble.

Anyway! Logs, as requested. For HJT, I wasn't sure if the O18s without "Desktop Messenger" 
in the name somewhere had to be fixed as well so I didn't touch them, just to be 
safe.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:34 PM, on 26/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program 
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: YSIGet Browser Helper Object - {FCF9FD72-694D-411f-A322-D002CB13735F} - 
C:\Program Files\YSIGet\YSIGet.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo 
Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP 7 Home\ftpte.exe"
O4 - HKCU\..\Run: [μTorrent] "C:\!Valerie's Stuff\utorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation 
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup 
Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl 
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) 
- http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - 
http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe 
Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido 
anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - 
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 26/02/2006 5:11:31 PM


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Monday, February 27, 2006 at 3:52 pm
Posted by MrCharlie (4141 messages posted)

Well Done! Looks Clean now - how's it running? MrC

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Monday, February 27, 2006 at 4:25 pm
Posted by Vikitty (14 messages posted) 

Still the same, but I'm getting some more RAM (upgrading up to 512 or whatever it 
is) so hopefully that will fix the problem.

I also managed to finally install SP2, about damn time the thing worked.

[Reply or follow-up to this message]

re: "low RAM" suddenly occuring
Monday, February 27, 2006 at 4:49 pm
Posted by MrCharlie (4141 messages posted)

Well I'm confident that your system is free of malware, so try more ram - like I said I have 1gig. Let me know how you make out, MrC

[Reply or follow-up to this message]

Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread
Return to the Windows XP Discussion Forum


All content at Annoyances.org is Copyright © 1995-2009 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.