A zillion processes eating my memory - help please

[blazenko]

hi

after an attack, i succeeded in removing some malware with AdAware and MB's Anti-Malvare, but there's obviously a lot left. Computer is still slow, and My Task Manager never before looked like this:



as requested, i'm attaching MBAM, ESET, and HJT logs.

as for uninstall list, i didn't find anything suspiciuous to uninstall.

please help, i'm wrestling against a major deadline, on an extremely slowed-down conputor...!
it's terrible.

thanx in advance, hellp is very appreciated!

[jholland1964]

Looking at the programs running in the taskmanager at the time of the print screen the programs taking up the largest amount of resources and an explanation of what they were, were the following;
Outlook>>>>which is you email program
firefox>>>>your browser
avgrsx.exe>>>which was scanning your computer at that time for viruses
RTHDCPL.exe>>>Realtek HD Audio Control Panel
Smc.exe>>>Sygate firewall
HijackThis.exe>>>This is HiJackThis and shouldn't be running unless it is actually scanning the machine.
TextPad.exe>>>text editor for Windows
All of these above would have stopped using system resources when closed.
**************************************************
The others also running at the time which were probably not necessary were the following;
WVAMain.exe>>>Wow Video&Audio
agquickp.exe>>>ActivCard Gold
GoogleUpdate.exe>>>google updater
BTTray.exe>>>BlueTooth Tray
web'n'walk Manager.exe>>>T Mobile
notepad.exe>>>Windows Notepad
utubeuploader.exe>>>uTube uploader
UltraMonTaskbar.exe>>>for computers using multiple monitors
scardsvr.exe>>>Smartcard server
ACCOCA.exe>>>ActivCard Cache Server.
btwdins.exe>>>related to bluetooth
jusched.exe>>>java update scheduler
aawservice>>>adaware service
realplay.exe>>>real player
WGATray.exe>>>Windows Genuine Advantage
fumoei.exe>>>Free download manager
realsched.exe>>>real player update scheduler

One of the things to do when you see huge numbers of system resources being used is close unnecessary programs and reboot the computer.
PLUS one must ALWAYS reboot often when cleaning malware, sometimes items cannot be cleaned unless the system reboots.
Looks to me like this wasn't done, especially with HJT showing as running.
I did not check each and every item showing in your print screen but just those I knew which could be shut down without causing the computer itself to shut down. You have a lot of unnecessary startups which can be turned off. Many programs automatically put themselves into auto start when they are installed but are not needed there because they run just fine if run manually.
One very important item to note is this; If you are scanning your computer for viruses and malware ALL unnecessary programs should be turned OFF. This includes mail programs, browsers, media players, video programs, file download programs, bluetooth programs....ALL of those can slow the cleanup, corrupt the cleanup and just are not needed.

[blazenko]

Thank you, J

i the meantime, as an answer here wasn't coming, i went to check the listed processes myself, as much as i could find about them on web... and it did turn out for most of them that they were legitimate processes, partly due to all reasons you described.

i threw out a few unnecessary start-up items, and the rest were actually used at the time a made the screenshot...

i'll have to clean my machine obiviously, but not (only) from malware, but mainly form legitimate but unnecessary ****.

thanks for the advice, i'll follow it in the future!

one question though: all these multiple copies of svchost - how about that? is that normal or...?

[jholland1964]

Yes it is very normal as each one loads with a different process. Right now I have five showing in my running processes, svchost.exe is a generic host process. Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files but problem is a .dll file can't be launched from Windows so it has to be launched from a running .exe file....so svchost.exe was "born". Depending on what service is running at the time you would definitely see multiple svchost.exe files running. If each service was run by one svchost.exe then Windows would probably crash so one svchost.exe will be the host for various groups...say one svchost might host all .dll's related to your firewall, one might host everything to do with your antivirus program and so on. That is why you see multiple instances of this in the taskmanager.
Might I suggest CodeStuff Starter as an excellent FREE program to manage start ups , services and also what is running in taskmanager. You can easily see there what process is related to what program. Very easy to use.
When you are doing your cleaning remember one important thing, SOME malware do hide themselves behind a legitimate name and some items which may seem to be malware may indeed something valid, legitimate and necessary for the running of either Windows or some program you really need. So don't take the first answer you find to be gospel, research it thoroughly before removing OR also allowing to run.
Judy

[blazenko]

Judy, i never thanked you for help and extensive explanations; thanks indeed!

And also for Starter - it's great! Helps me greatly.

As for legitimate processes, the only ones i see that i'm not using are Bluetooth-related ones, so i turned them off.

Thanx again, stay cool!

Greetz from Croatia
Blazenko