My Docs showing up in task manager

I am assuming you mean it is open under the “applications” tab and not “processes”. I doubt it is malware but something more like My Documents is opening at start up minimized – or something odd like that.

You can check this by running msconfig in the run box and looking for and looking for something calling My Documents from the start up tab.

If you still think you have a malware issue – Please read the removal guide here:
http://forums.majorgeeks.com/showthread.php?t=35407

 

Please complete the instruction already given to run the below procedure and attach the requested logs:

http://forums.majorgeeks.com/showthread.php?t=35407

 

It does not appear to be a malware problem.


Why does the below file name have all of those spaces inbetween the Carcamo and the 2.doc? Did you do this on purpose?

Code:

"C:\Documents and Settings\us\My Documents\"
albaca~1.doc  Feb 13 2008       25600  "Alba Carcamo                                                                  2.doc"

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure you receive a message saying it was successfully added to the registry. Tell me if you get this message.

Now reboot

Do you still see My Documents in Task Manager? Do you still see a process with no name in MSconfig?

 

You did not say whether the registry patch added to the registry. I requested that you tell me if you received a success message.

No it is not strange. It just means that when you end that process your Windows shell (that is explorer.exe) is getting killed for a short while before the system restores it.

Let's try a couple more things:

Run this Using Sophos Anti-Rootkit and attach the requested log.

Now please download Silent Runner's

• Save it to the desktop.
• Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
• Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and attach it to your next message.

NOTE: If you receive any warning messages from your antivirus or antispyware programs about a script trying to be run , please choose to allow the script to run.