Author Topic: Ram usage really high (Read 45389 times)

SuperDave · « **Reply #30 on:** September 25, 2013, 01:13:34 PM »

Please download and run MicroSoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
***********************************
Download GMER Rootkit Scanner from here.

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

smallzZz8 · « **Reply #31 on:** September 25, 2013, 04:42:44 PM »

should i disable norton and the microsoft essentials?

SuperDave · « **Reply #32 on:** September 25, 2013, 05:58:00 PM »

Quote from: smallzZz8 on September 25, 2013, 04:42:44 PM

should i disable norton and the microsoft essentials?

No, not necessary.

smallzZz8 · « **Reply #33 on:** September 25, 2013, 07:48:02 PM »

ok and here is the log for the Gmer scan...the first scan just said no viruses and spyware

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-25 21:46:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC46 931.51GB
Running: us5dkh0v.exe; Driver: C:\Users\Bryce\AppData\Local\Temp\kgtorpoc.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

smallzZz8 · « **Reply #34 on:** September 26, 2013, 12:37:26 PM »

also would it help if i gave you the recent files that i downloaded that were mark bad and deleted by norton at the beginning of all this?

SuperDave · « **Reply #35 on:** September 26, 2013, 01:35:59 PM »

Quote

also would it help if i gave you the recent files that i downloaded that were mark bad and deleted by norton at the beginning of all this?

No, that won't help much. Please run this scan.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply

smallzZz8 · « **Reply #36 on:** September 26, 2013, 06:56:54 PM »

here is the aswMBR scan

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-26 20:55:02
-----------------------------
20:55:02.783 OS Version: Windows x64 6.1.7601 Service Pack 1
20:55:02.783 Number of processors: 2 586 0x170A
20:55:02.784 ComputerName: ADAMS-PC UserName: Bryce
20:55:05.259 Initialize success
20:55:33.300 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:55:33.304 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
20:55:33.364 Disk 0 MBR read successfully
20:55:33.368 Disk 0 MBR scan
20:55:33.372 Disk 0 unknown MBR code
20:55:33.376 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
20:55:33.381 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 945669 MB offset 16787925
20:55:33.405 Disk 0 scanning C:\Windows\system32\drivers
20:55:40.085 Service scanning
20:55:42.079 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys **LOCKED** 5
20:55:42.783 Service ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys **LOCKED** 5
20:55:43.584 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
20:55:43.848 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
20:55:44.948 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130925.001\IDSvia64.sys **LOCKED** 5
20:55:46.675 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\ENG64.SYS **LOCKED** 5
20:55:46.748 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\EX64.SYS **LOCKED** 5
20:55:49.560 Service SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS **LOCKED** 5
20:55:49.876 Service SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS **LOCKED** 5
20:55:49.930 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
20:55:49.968 Service SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS **LOCKED** 5
20:55:49.992 Service SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS **LOCKED** 5
20:55:53.051 Modules scanning
20:55:53.065 Disk 0 trace - called modules:
20:55:53.084 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:55:53.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7e060]
20:55:53.097 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005bb0e40]
20:55:53.103 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bda060]
20:55:53.110 Scan finished successfully
20:56:23.853 Disk 0 MBR has been saved successfully to "C:\Users\Bryce\Desktop\mbar\MBR.dat"
20:56:23.894 The log file has been saved successfully to "C:\Users\Bryce\Desktop\mbar\aswMBR.txt"

SuperDave · « **Reply #37 on:** September 26, 2013, 07:47:23 PM »

We need to fix the Master Boot Record using aswMBR now.

Double click aswMBR.exe to run it like before
Once the scan finishes click FixMBR to remove the infection as illustrated below

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

.

smallzZz8 · « **Reply #38 on:** September 26, 2013, 08:14:18 PM »

here it is

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-26 22:10:57
-----------------------------
22:10:57.533 OS Version: Windows x64 6.1.7601 Service Pack 1
22:10:57.533 Number of processors: 2 586 0x170A
22:10:57.534 ComputerName: ADAMS-PC UserName: Bryce
22:11:02.595 Initialize success
22:11:26.083 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:11:26.086 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
22:11:26.164 Disk 0 MBR read successfully
22:11:26.166 Disk 0 MBR scan
22:11:26.168 Disk 0 unknown MBR code
22:11:26.172 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
22:11:26.175 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 945669 MB offset 16787925
22:11:26.197 Disk 0 scanning C:\Windows\system32\drivers
22:11:33.901 Service scanning
22:11:35.688 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys **LOCKED** 5
22:11:36.051 Service ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys **LOCKED** 5
22:11:37.027 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
22:11:37.356 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
22:11:38.689 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130926.001\IDSvia64.sys **LOCKED** 5
22:11:40.673 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\ENG64.SYS **LOCKED** 5
22:11:40.730 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\EX64.SYS **LOCKED** 5
22:11:43.999 Service SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS **LOCKED** 5
22:11:44.249 Service SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS **LOCKED** 5
22:11:44.295 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
22:11:44.349 Service SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS **LOCKED** 5
22:11:44.381 Service SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS **LOCKED** 5
22:11:47.649 Modules scanning
22:11:47.656 Disk 0 trace - called modules:
22:11:47.683 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:11:47.689 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7e060]
22:11:47.695 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005bb0e40]
22:11:47.701 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bda060]
22:11:47.707 Scan finished successfully
22:12:23.294 Verifying
22:12:33.318 Disk 0 Windows 601 MBR fixed successfully
22:13:13.235 Disk 0 MBR has been saved successfully to "C:\Users\Bryce\Desktop\mbar\MBR.dat"
22:13:13.280 The log file has been saved successfully to "C:\Users\Bryce\Desktop\mbar\aswMBR.txt"

SuperDave · « **Reply #39 on:** September 27, 2013, 01:14:32 PM »

Any change?

smallzZz8 · « **Reply #40 on:** September 27, 2013, 03:19:22 PM »

kind of it doesnt slowly go up but when doing all my stuff i get like 80-87% but this may just be normal. would it help if i deleted other accounts on the computer?

immental1200 · « **Reply #41 on:** September 27, 2013, 03:37:21 PM »

Comments removed. You are not authorized to post in these malware forums unless you need help.

smallzZz8 · « **Reply #42 on:** September 29, 2013, 12:53:59 PM »

ya it used to slowly climb and i think it still might because it used to slowly go to 80-90% but now when i have all my stuff up i get 80-90% so idk if its my stuff or not...but when it slowly climbs like in the beginning i have nothing running

my startup is
microsoft intellipoint
hot key daemon
realtek voice manager
hd audio control panel
microsoft security client
epson status monitor 3
googletoolbarnotifier
eeventmanager application
java(tm) platform SE auto updater

this is all that is enabled

smallzZz8 · « **Reply #43 on:** September 29, 2013, 01:01:22 PM »

ok the problem is back im getting 50 cpu and 65 cpu running nothing but chrome to reply to this...svchost.exe is useing the most memory amd another svchost.exe is using all the cpu

Ps Read the reply above to

SuperDave · « **Reply #44 on:** September 29, 2013, 07:40:33 PM »

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.

Computer Hope Forum

News:

Author Topic: Ram usage really high (Read 45389 times)

SuperDave

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

SuperDave

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

SuperDave

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

SuperDave

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

SuperDave

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

immental1200

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

smallzZz8

Re: Ram usage really high

SuperDave

Re: Ram usage really high