i need some help and suggestions

Hi


Could well be malware of somesort as many scans may not find what the issue is, but it can also be a bad application you have installed of late, but to rule out malware please follow the below guide of ours:


Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

I'm not really seeing any malware problems but let's take a few steps!

Uninstall Viewpoint Media Player as requested in step 0 of the READ ME

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Workflow] D:\Install\Workflow.exe

After clicking Fix, exit HJT.

Did you recently run anything related to TrendMicro (including an online scanner)? I wondering about the below which is a TrendMicro file name but lately it seems to be showing up on too many systems and I'm starting to think it is part of an infection going around.

Code:

"C:\WINDOWS\system32\drivers\"
tmcomm.sys    Apr  2 2007       76560  "tmcomm.sys"

Now please download F-Secure's BlacklightBeta

• Download fsbl.exe and save it to the Desktop.
• Once saved... double click fsbl.exe to install the program.
• Click accept agreement and Click scan
• This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please attach the BlackLight log.



Now download the current version of ShowNew which was just updated. Attach a new log from it.

 

Your logs are clean! I suggest you update Sun Java as per the below.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 11

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment



Are you still having problems? If so, you will have to explain exactly what they are since just have explorer or svchost processes using a lot of memory is not always and issue although the numbers you quoted do seem high. Next time they seem high, save a snapshow of Task Manager showing all the running processes.