Efh.exe is using like 300,000kb of memory. Also my CPU is spiking to about 20% usage, then it goes down to the normal 3 or 4%. I tried avast but it says I’m clean. I also tried the TDS killer that Essex suggested, no luck with that either. Anybody got any ideas?
Prevx file info - EFH.EXE
http://www.prevx.com/filenames/2049854672346986221-X1/EFH.EXE.html
EFH.EXE
http://www.superantispyware.com/malwarefiles/EFH.EXE.html
Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update the program so you have latest database before you scan
click the remove selected button to quarantine any infections found
you may post the scan log here
you may also try
SuperAntiSpyware 4.47.1000 http://filehippo.com/download_superantispyware/
My Bad I saw the first sticky. Worked great
Here is what she found if interested.
What was found? .......and who is she?
Malwarebytes (she) worked great. Here is the log from Malwarebytes
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5419
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12/29/2010 8:06:36 PM
mbam-log-2010-12-29 (20-06-36).txt
Scan type: Quick scan
Objects scanned: 139154
Time elapsed: 4 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.Agent) → Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack) → Value: JP595IR86O → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.Agent) → Delete on reboot.
c:\Documents and Settings\Owner\Local Settings\Temp\Efh.exe (Trojan.FraudPack) → Delete on reboot.
c:\WINDOWS\Ehisoa.exe (Trojan.FraudPack) → Quarantined and deleted successfully.
c:\WINDOWS\Tasks{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) → Quarantined and deleted successfully.
c:\WINDOWS\Tasks{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\WINDOWS\Tasks{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) → Quarantined and deleted successfully.
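Added example, not part of the original thread and not Malwarebytes' own code: a small Python parser for the detail lines of a log in the format shown above. It tags each detection with the autostart location it sits in and lists the objects marked "Delete on reboot", which are only gone after a restart and a rescan. The sample input is constructed from lines of the log above, and the persistence labels are assumptions chosen for illustration.

```python
import re

# Constructed sample: detail lines taken from the Malwarebytes log in this thread.
SAMPLE_LOG = r"""
Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.Agent) → Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack) → Value: JP595IR86O → Quarantined and deleted successfully.
Files Infected:
c:\Documents and Settings\Owner\Local Settings\Temp\Efh.exe (Trojan.FraudPack) → Delete on reboot.
c:\WINDOWS\Tasks{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) → Quarantined and deleted successfully.
"""

# Section headers in the detail part end with "Infected:" and carry no count.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<object> (<detection>) -> [Value: x ->] <action>."; accepts "->" or "→".
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) (?:->|→) (?P<rest>.+?)\.?\s*$")
# Assumed labels for the autostart locations that appear in this log.
PERSISTENCE = [
    (re.compile(r"\\CurrentVersion\\Run\\", re.I), "Run key autostart"),
    (re.compile(r"\\CurrentControlSet\\Services\\", re.I), "service/driver"),
    (re.compile(r"\\WINDOWS\\Tasks.*\.job$", re.I), "scheduled task"),
]

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION.match(line)
        if m and section:
            # The action is the last arrow-separated field ("Value: x" may precede it).
            action = re.split(r"\s*(?:->|→)\s*", m.group("rest"))[-1]
            kind = next((lbl for rx, lbl in PERSISTENCE if rx.search(m.group("obj"))), None)
            found.append({"section": section, "object": m.group("obj"),
                          "detection": m.group("name"), "action": action,
                          "persistence": kind})
    return found

def pending_reboot(detections):
    """Objects that are removed only after a restart, so a rescan is needed."""
    return sorted({d["object"] for d in detections if "reboot" in d["action"].lower()})
```
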
does this mean that your problem is gone ?
I think so. I ran OTL, I didn’t get any hits. But Explorer memory usage seems to be too high. It’s around 22,000. Firefox is my default, I’m not even running Explorer. Memory usage should be around 2,000. What do you think?
OTL report
Essexboy will have a look at the log when he arrives so check back later today
MBAM missed a few - so let's get them now. Once this run is complete can you update and then re-run MBAM
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O3 - HKU\S-1-5-21-583907252-776561741-839522115-1003\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
[2010/12/29 20:11:12 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\glxxnauu.job
[2010/12/29 12:56:06 | 000,076,800 | RHS- | M] () -- C:\WINDOWS\System32\msdadiagr.dll
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Essex good look on the clean up. I’m sure you're used to hearing it but thanks. There was one more bug hanging out. I’ll post OTL and Mbam
And here is Mbam
;D
Cleared some junk though Total Files Cleaned = 157.00 mb
What problems remain ? The MBAM detection was an orphan entry
explorer and firefox seem to be using too much mem. Explorer is not running and it's around 25,000 and with 21 firefox open it's using 65,000. What do you think?
Let's try a little TLC
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
THEN
Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
Firefox and Explorer are still kinda high with mem usage. But my PC is (seems) to be just as fast as before (or I can't tell?). Was there a log for either program that I should post?
Firefox has always been a little high on RAM use; the more add-ons you have installed and the more tabs you have open all contribute to the overall, and since it is all recorded into one process, firefox.exe, it looks overly high.
Currently my firefox usage is, 28MB explorer.exe and 131MB firefox.exe, see image.
Note I have seen worse when using Opera on my win7 netbook; because Opera isolates tabs, so a crash doesn’t affect all tabs or bring down Opera, you don’t notice it as much, but when you add them all together it was much higher than firefox.
(Firefox) Under the tools tab in FF I have noticed that I always have 4 new add-ons under Get Add-ons. Is this natural (lame advertising) or is this a bug filling up the get add-ons? I also noticed that I have a plugin-container.exe at about 22,000. Any thoughts?
There are always a different range of add-ons in the get add-ons tab (I have 5), hardly advertising as you don’t have to pay for anything ;D
I believe the plugin-container.exe, as its name implies, is trying to isolate/contain plugins, preventing a browser crash. These are plug-ins rather than add-ons. Also see http://support.mozilla.com/en-US/questions/704242.
Firefox 3.6.6 making browsing slow on your computer? If yes, it may be due to plugin-container.exe, which was added in recent version of Firefox to prevent browser crash. New version of Firefox web browser loads certain plugins in a separate process (plugin-container.exe) to provide you uninterrupted browsing even when certain plugins stops working. But the problem is, plugin-container.exe may use a lot of memory and slow down your computer. You may experience the problem more often while viewing online flash videos.
So unless you are short on RAM there is hardly any issue with what it is using.
It is possible to stop it, but you then lose the benefits that it brings, see http://www.technogadge.com/how-to-stop-firefox-plugin-container-exe-process/, where the above quote came from.
The get add-ons tab is just suspicious. If I didn't put them there it should be empty. I don't need weather bug or any other garbage they're pushing. I think their browser is great and it blows Chrome away (definitely for video). I recently switched from chrome because it crashed a couple of times. It would not recover my homepage. Instead there was a page of the most visited sites. Firefox is new to me, but I thought that was what I was seeing under plugins-exe as the plugins I have active for the browser. Also I use Anti Tracks and it's a lot easier to clean up temp files as well with Firefox. I'm really just learning the ins and outs. Do you have any Firefox tips to keep it fast and clean?