
Topic: "System" in task Manager using a lot of memory.


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: "System" in task Manager using a lot of memory.
« Reply #15 on: March 06, 2009, 12:31:22 AM »
You will have to remove the cracks before I can continue helping.

* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\DOCUME~1\SYLVER~1\Application Data\LimeWire\.AppSpecialShare\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.torrent.bak
C:\DOCUME~1\SYLVER~1\Incomplete\GJSC3JB4CRS4LWHRG57DMKAZVEAF6DTQ\.datAdobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen
C:\DOCUME~1\SYLVER~1\Incomplete\GJSC3JB4CRS4LWHRG57DMKAZVEAF6DTQ\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Sylverkitti

    Topic Starter


    Beginner

    Thanked: 1
    Re: "System" in task Manager using a lot of memory.
    « Reply #16 on: March 06, 2009, 01:11:25 AM »
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\DOCUME~1\SYLVER~1\Application Data\LimeWire\.AppSpecialShare\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.torrent.bak moved successfully.
    C:\DOCUME~1\SYLVER~1\Incomplete\GJSC3JB4CRS4LWHRG57DMKAZVEAF6DTQ\.datAdobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen moved successfully.
    C:\DOCUME~1\SYLVER~1\Incomplete\GJSC3JB4CRS4LWHRG57DMKAZVEAF6DTQ\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\etilqs_HZMPOWUTR3my1Dfscbth scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\Perflib_Perfdata_960.dat scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_22c.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e4c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully
     
    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_020623

    Files moved on Reboot...
    File C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\etilqs_HZMPOWUTR3my1Dfscbth not found!
    File C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\Perflib_Perfdata_960.dat not found!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_22c.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_e4c.dat moved successfully.
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\XUL.mfl moved successfully.

    evilfantasy

    « Reply #17 on: March 06, 2009, 01:30:05 AM »
    * Double-click OTMoveIt3.exe to run it.
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

    Code:
    :Processes
    explorer.exe

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284b41dd-ccdc-11dd-9fb7-001320bc3e08}]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

    * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    * Close OTMoveIt3.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

    ----------

    Download Rooter.exe to your desktop

    * Double click Rooter.exe to start the tool.
    * A DOS window will appear and show the scan progress.
    * Once complete a notepad file containing the report will open.
    * Copy & paste the results in your next reply.
    * Close notepad and Rooter will close.

    A log will also save at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have Windows installed).

    ----------

    Also let me know how the computer is running now.
    « Last Edit: March 06, 2009, 01:52:30 AM by evilfantasy »

    Sylverkitti

      « Reply #18 on: March 06, 2009, 01:45:33 AM »
      Still no difference, and it's odd, the memory is always at 62,496, never seen it change. And the VM is at 88, but sometimes it goes to 110.....this is so weird...




      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      Error: Unable to interpret <:registry> in the current context!
      Error: Unable to interpret <[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284b41dd-ccdc-11dd-9fb7-001320bc3e08}]> in the current context!
      Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]> in the current context!
      Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]> in the current context!
      ========== FILES ==========
      C:\lopR.txt moved successfully.
      C:\Lop SD moved successfully.
      C:\ComboFix.txt moved successfully.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\etilqs_nibJQ9vFzGwaxGGSfGTX scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\Perflib_Perfdata_f80.dat scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_cc.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f4.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully
       
      OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_023914

      Files moved on Reboot...
      File C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\etilqs_nibJQ9vFzGwaxGGSfGTX not found!
      File C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\Perflib_Perfdata_f80.dat not found!
      File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      C:\WINDOWS\temp\Perflib_Perfdata_cc.dat moved successfully.
      File C:\WINDOWS\temp\Perflib_Perfdata_f4.dat not found!
      C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\urlclassifier3.sqlite moved successfully.

      evilfantasy

      « Reply #19 on: March 06, 2009, 01:52:40 AM »
      The OTMoveIt fix didn't work. I edited the directions so please run it again and post the new log. Also don't forget the Rooter scan.

      Sylverkitti

        « Reply #20 on: March 06, 2009, 02:10:29 AM »
        Still no change



        ========== PROCESSES ==========
        Process explorer.exe killed successfully.
        ========== REGISTRY ==========
        Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284b41dd-ccdc-11dd-9fb7-001320bc3e08}\\ deleted successfully.
        Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm\\ deleted successfully.
        Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys\\ deleted successfully.
        ========== COMMANDS ==========
        File delete failed. C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\etilqs_cltTkBi4GK4oeygkgaiS scheduled to be deleted on reboot.
        User's Temp folder emptied.
        User's Temporary Internet Files folder emptied.
        User's Internet Explorer cache folder emptied.
        Local Service Temp folder emptied.
        File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
        Local Service Temporary Internet Files folder emptied.
        File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ac.dat scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_bb4.dat scheduled to be deleted on reboot.
        Windows Temp folder emptied.
        Java cache emptied.
        File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\XUL.mfl scheduled to be deleted on reboot.
        FireFox cache emptied.
        Temp folders emptied.
        Explorer started successfully
         
        OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_030025

        Files moved on Reboot...
        File C:\DOCUME~1\SYLVER~1\LOCALS~1\Temp\etilqs_cltTkBi4GK4oeygkgaiS not found!
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
        File C:\WINDOWS\temp\Perflib_Perfdata_ac.dat not found!
        C:\WINDOWS\temp\Perflib_Perfdata_bb4.dat moved successfully.
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_001_ moved successfully.
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_002_ moved successfully.
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_003_ moved successfully.
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\Cache\_CACHE_MAP_ moved successfully.
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\urlclassifier3.sqlite moved successfully.
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzfbhp9e.default\XUL.mfl moved successfully.


        ********************

        Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
        X86-based PC ( Uniprocessor Free :                 Intel(R) Celeron(R) CPU 2.66GHz )
        BIOS : Phoenix ROM BIOS PLUS Version 1.10 A00
        USER : Sylverkitti ( Administrator )
        BOOT : Normal boot

        Antivirus : AVG Anti-Virus Free 8.0 (Activated)


        A:\ (USB)
        C:\ (Local Disk) - NTFS - Total:145 Go (Free:122 Go)
        D:\ (CD or DVD)

        Fri 03/06/2009| 3:07

        ----------------------\\  Search..

        No infections found !


        1 - "C:\Rooter$\Rooter_1.txt" - Fri 03/06/2009| 3:07

        ----------------------\\  Scan completed at  3:07


        evilfantasy

        « Reply #21 on: March 06, 2009, 10:45:50 AM »
        Scan with Panda ActiveScan 2.0

        This scanner requires Internet Explorer

        • Once you are on the Panda site click the Scan your PC now button
        • A new window will open...click the Check Now button
        • Enter your Country
        • Enter your State/Province
        • Enter your e-mail address and click send
        • Select either Home User or Company
        • Select the appropriate Yes or No to receiving marketing information
        • Click the Free Online Scan button
        • If it wants to install an ActiveX component allow it
        • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
        • When download is complete, click on My Computer to start the scan
        • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
        Post the contents of the ActiveScan report in your next reply.

        Sylverkitti

          « Reply #22 on: March 07, 2009, 04:08:48 AM »
          This actually would not work in IE, as I have 8, and it wants 6 or 7.....but works well with Firefox 1.5 or higher. Anywho....here are the results.

          ;***********************************************************************************************************************************************************************************
          ANALYSIS: 2009-03-07 05:00:44
          PROTECTIONS: 1
          MALWARE: 13
          SUSPECTS: 2
          ;***********************************************************************************************************************************************************************************
          PROTECTIONS
          Description                                  Version                       Active    Updated
          ;===================================================================================================================================================================================
          AVG Anti-Virus Free                          8.0                           Yes       Yes
          ;===================================================================================================================================================================================
          MALWARE
          Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
          ;===================================================================================================================================================================================
          00097389  Application/PerfectKeyLog.A        HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpki.dll]
          00211481  Application/FamilyKeylogger        HackTools           No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082893.exe
          00211481  Application/FamilyKeylogger        HackTools           No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082480.exe
          00381203  Application/PerfectKeyLog          HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[inst.bin]
          01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0090023.EXE
          01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP872\A0089926.EXE
          01514450  Application/PerfectKeyLog          HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpkvw.exe]
          02731820  Application/PerfectKeyLog.AJ       HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpkun.exe]
          02731822  Generic Malware                    Virus/Trojan        No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpkwb.dll]
          02731826  Trj/Keylog.LH                      Virus/Trojan        No        1         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpkr.exe]
          02731829  Application/PerfectKeyLog.AJ       HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpkhk.dll]
          02731831  Generic Malware                    Virus/Trojan        No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[Setup.exe]
          02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0090003.sys
          02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP872\A0089904.sys
          02902714  Trj/Multidropper.RMA               Virus/Trojan        No        1         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe
          02902746  Application/PerfectKeylogger.N     HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpk.exe]
          ;===================================================================================================================================================================================
          SUSPECTS
          Sent      Location                                                        V
          ;===================================================================================================================================================================================
          No        C:\Documents and Settings\Sylverkitti\Desktop\ComboFix.exe      V
          No        C:\Program Files\Adolix\eCover Engineer\eCoverEngineer.exe      V
          ;===================================================================================================================================================================================
          VULNERABILITIES
          Id        Severity   Description                                          V
          ;===================================================================================================================================================================================
          ;===================================================================================================================================================================================

          evilfantasy

          « Reply #23 on: March 07, 2009, 11:56:08 AM »
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.

          The above procedure will:
          • Delete:
            • ComboFix and its associated files and folders.
            • VundoFix backups, if present
            • The C:\Deckard folder, if present
            • The C:\_OtMoveIt folder, if present
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.

            ----------


            Set a New Restore Point to prevent possible reinfection from an old one
            Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
            • Go to Start > Programs > Accessories > System Tools and click System Restore
            • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
            • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
            • Next go to Start > Run and type Cleanmgr
            • Click OK
            • Click the More Options Tab.
            • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
            You can find instructions on how to enable and re-enable system restore here:

            Windows XP System Restore Guide or Windows Vista System Restore Guide
            ----------

            Use the Secunia Software Inspector to check for out of date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            How is the computer running now?
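
Added example, not part of the original posts or of any tool named in the thread: every detection in the ActiveScan report posted in Reply #22 sits under System Volume Information\_restore{...}, which is why this reply has the old restore points purged. The Python sketch below parses that report's MALWARE table and groups detections by restore point; the function names are hypothetical, the column layout is inferred from the posted report, and the last sample row is constructed for contrast.

```python
import re
from collections import defaultdict

# First five data rows are copied from the MALWARE table posted in this thread.
# The final row is CONSTRUCTED (not from the thread) to show a hit outside the
# System Restore store.
SAMPLE_REPORT = r"""
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;==========
00097389  Application/PerfectKeyLog.A        HackTools           No        0         No             No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe[bpki.dll]
00211481  Application/FamilyKeylogger        HackTools           No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082893.exe
01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0090023.EXE
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP872\A0089904.sys
02902714  Trj/Multidropper.RMA               Virus/Trojan        No        1         Yes            No           C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP806\A0082887.exe
99999999  Constructed/Sample.Row             Virus/Trojan        Yes       1         Yes            No           C:\EXAMPLE\constructed-sample.exe
;==========
"""

# Column names as they appear in the report header.
COLUMNS = ("id", "description", "type", "active", "severity",
           "disinfectable", "disinfected", "location")

# Matches a file archived inside a System Restore point, with an optional
# "[member]" suffix that the report uses for files found inside a container.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}"
    r"\\(RP\d+)\\([^\\\[]+)(?:\[([^\]]+)\])?$",
    re.IGNORECASE,
)


def parse_rows(report_text):
    """Return one dict per data row of the MALWARE table."""
    rows = []
    for line in report_text.splitlines():
        stripped = line.strip()
        # Data rows start with an 8-digit id; headers and ';===' rules do not.
        if not re.match(r"\d{8}\s{2,}", stripped):
            continue
        # Columns are separated by runs of 2+ spaces. maxsplit keeps the
        # location (which contains single spaces) in one piece.
        fields = re.split(r"\s{2,}", stripped, maxsplit=7)
        if len(fields) != len(COLUMNS):
            continue  # malformed or truncated row: skip rather than guess
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def restore_location(path):
    """Return (restore_point, archived_file, member_or_None), or None."""
    match = RESTORE_RE.search(path)
    if match is None:
        return None
    return match.group(1), match.group(2), match.group(3)


def summarize(rows):
    """Group detections by restore point and list anything outside the store."""
    by_rp = defaultdict(set)
    outside = []
    for row in rows:
        hit = restore_location(row["location"])
        if hit is None:
            outside.append(row["location"])
        else:
            restore_point, archived_file, _member = hit
            by_rp[restore_point].add(archived_file)
    return {
        "restore_points": {rp: sorted(files) for rp, files in sorted(by_rp.items())},
        "outside_restore": outside,
        "active": [r["location"] for r in rows if r["active"].lower() == "yes"],
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_REPORT))
    for rp, files in summary["restore_points"].items():
        print(f"{rp}: {', '.join(files)}")
    # Anything listed here is on the live file system, not just in an old
    # restore point, so purging restore points alone would not remove it.
    print("Outside System Restore:", summary["outside_restore"] or "none")
    print("Marked active:", summary["active"] or "none")
```
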

            Sylverkitti

              « Reply #24 on: March 09, 2009, 04:41:49 AM »
              I have a bunch of different versions of flash...adobe and Macromedia......do I need all the different ones? Or can they somehow be removed so all I have is one. I guess whatever I need is what I want, unneeded...no.

              evilfantasy

              « Reply #25 on: March 09, 2009, 06:15:22 AM »
              Download the Flash Player Uninstaller and save it to your desktop.

              Run the uninstaller program and then reboot your computer to complete the uninstall.

              Download and install the latest version of Flash Player

              Sylverkitti

                « Reply #26 on: March 09, 2009, 11:57:02 PM »
                Ok got that, but it still tells me there's a Java that's old on here, even though I removed them all and updated.
                Also, earlier, everything was hanging, and moving S L O W...so I pulled up my task manager, System still taking up a bunch of memory but there was a wowexe.exe on there, I have seen this before but not for a while. As soon as I end process things go back to normal, but this looks very weird to me, the way it's indented like that, and not showing what it's using? Screen Copy attached.

                [attachment deleted by admin]

                evilfantasy

                Re: "System" in task Manager using a lot of memory.
                « Reply #27 on: March 10, 2009, 10:49:18 AM »
                Quote
                Wowexec.exe (Windows on Windows subsystem) and Ntvdm.exe (NT Virtual DOS
                Machine) are used to run 16-bit programs (DOS programs) in a virtual
                environment. If they are being used you will see the programs indented
                under the Ntvdm.exe entry in the Task Manager. Ntvdm.exe and
                Wowexec.exe will remain in memory after you close the 16-bit
                application, "in case" you want to launch another 16-bit program. If
                these items are started when you boot the computer, but no associated
                program is shown under them, check your startup items, some 16-bit
                program is set to start and do something when the computer starts. That
                "16-bit something" could be anything.

                I don't think it's malware but could be running due to malware.

                Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:
                • Double-click on drweb-cureit.exe and then click Start
                • An information notice will appear, click OK.
                • This starts a short scan that will scan the files currently running in memory.
                • If you get a prompt to buy the full version, just exit out of the window. The scanner will still work without buying the full version.
                • If or when something is found, click the Yes button when it asks you if you want to cure it.
                • Once the short scan has finished, Click Settings > Change Settings
                • Under the Scanning tab UNcheck Heuristic analysis and click OK
                • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
                  • Click Yes to all if it asks if you want to cure/move any file(s).
                • When the scan is done, in the Dr.Web CureIt menu on top left, click File and choose Save report list.
                • Save the DrWeb.csv report to your Desktop.
                • Exit Dr.Web Cureit.
                • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
                • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
                • Copy and paste that log in the next reply
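The check the quoted explanation points at, deciding whether a startup item is a 16-bit program that would bring up Ntvdm.exe and Wowexec.exe, shown as an added example that is not part of the original post. It classifies a file by its header; the function names and the sample file names are hypothetical, and the sample headers are constructed.

```python
import struct

def classify_executable(data: bytes) -> str:
    """Classify a file image as 'dos16', 'win16', 'pe' or 'unknown'."""
    if data[:2] not in (b"MZ", b"ZM"):
        return "unknown"            # no DOS header (.com and .bat files land here)
    if len(data) < 0x40:
        return "dos16"              # too short to hold e_lfanew: plain DOS program
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    sig = data[e_lfanew:e_lfanew + 4]   # out-of-range offsets give b""
    if sig == b"PE\0\0":
        return "pe"                 # 32/64-bit Windows image, no NTVDM involved
    if sig[:2] == b"NE":
        return "win16"              # 16-bit Windows program, runs under Wowexec.exe
    if sig[:2] in (b"LE", b"LX"):
        return "unknown"            # VxD / OS/2 formats, out of scope here
    return "dos16"                  # MZ with no newer header: DOS program


def needs_ntvdm(startup_items: dict) -> list:
    """Return names of startup items that Windows would run inside Ntvdm.exe."""
    return sorted(name for name, image in startup_items.items()
                  if classify_executable(image) in ("dos16", "win16"))


def _sample(e_lfanew: int, sig: bytes) -> bytes:
    """Build a constructed header: DOS header, padding, then the signature."""
    head = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    return head + bytes(max(0, e_lfanew - len(head))) + sig


# Constructed sample inventory (hypothetical names, synthetic headers only).
SAMPLES = {
    "oldtool.exe": _sample(0, b""),
    "win31app.exe": _sample(0x80, b"NE\x05\x00"),
    "modern.exe": _sample(0x80, b"PE\0\0"),
    "notes.txt": b"plain text, not an executable",
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        print(f"{name:14} {classify_executable(image)}")
    print("would start NTVDM:", needs_ntvdm(SAMPLES))
```

To use it on a real machine, pass each startup target's contents read in binary mode; .com programs have no MZ header and must be judged by extension instead.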

                Sylverkitti

                  Re: "System" in task Manager using a lot of memory.
                  « Reply #28 on: March 12, 2009, 05:13:10 AM »
                  dead body man insane clown.mp3;C:\Documents and Settings\Sylverkitti\Desktop\MUSIC\ADAM\Playlist 3;Trojan.WMALoader;Cured.;

                  evilfantasy

                  Re: "System" in task Manager using a lot of memory.
                  « Reply #29 on: March 12, 2009, 11:31:32 AM »
                  Whatever issues remain are likely not malware related.

                  Try posting in the Windows forum for further help.