Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lsass.exe consumes most/all available memory


  • Please log in to reply
24 replies to this topic

#1 dtabachnick

dtabachnick

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 10 November 2013 - 11:55 AM

Lsass.exe is consuming most/all of the available memory. I initially approached this as a malware issue, but the excellent techs over at the malware removal forums believe it's not a malware issue and pointed me here. Here is the thread so you can see what we tried: http://www.bleepingcomputer.com/forums/t/511926/lsassexe-consumes-mostall-available-memory.

 

Thanks in advance!

 



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,900 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:30 AM

Posted 11 November 2013 - 07:37 AM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 11 November 2013 - 12:45 PM

Thanks for your help Louis! Here are the results of these steps:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Barb (administrator) on 11-11-2013 at 09:39:05
Running from "C:\Users\Barb\Desktop\lsass"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/11/2013 00:52:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/10/2013 02:05:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/09/2013 11:37:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2013 01:55:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/08/2013 01:27:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/07/2013 00:30:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/06/2013 00:56:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/05/2013 00:30:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/04/2013 00:30:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/02/2013 11:30:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (11/01/2013 04:53:46 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE
 
Error: (11/01/2013 04:50:57 PM) (Source: mbamchameleon) (User: )
Description: C01C0005
 
Error: (11/01/2013 04:31:27 PM) (Source: mbamchameleon) (User: )
Description: C0000010
 
Error: (11/01/2013 04:31:24 PM) (Source: mbamchameleon) (User: )
Description: C0000010
 
Error: (11/01/2013 03:59:23 PM) (Source: mbamchameleon) (User: )
Description: C0000010
 
Error: (11/01/2013 03:59:20 PM) (Source: mbamchameleon) (User: )
Description: C0000010
 
Error: (11/01/2013 03:27:18 PM) (Source: mbamchameleon) (User: )
Description: C0000010
 
Error: (11/01/2013 03:27:15 PM) (Source: mbamchameleon) (User: )
Description: C0000010
 
Error: (11/01/2013 03:26:39 PM) (Source: mbamchameleon) (User: )
Description: C01C0005
 
Error: (11/01/2013 03:19:23 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE
 
 
Microsoft Office Sessions:
=========================
Error: (11/11/2013 00:52:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/10/2013 02:05:01 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/09/2013 11:37:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2013 01:55:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/08/2013 01:27:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/07/2013 00:30:40 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/06/2013 00:56:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/05/2013 00:30:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/04/2013 00:30:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/02/2013 11:30:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
 
=========================== Installed Programs ============================
 
@BIOS (Version: 2.30)
64 Bit HP CIO Components Installer (Version: 6.2.1)
7300 (Version: 130.0.365.000)
7300_Help (Version: 82.0.242.000)
7300Trb (Version: 82.0.242.000)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.8)
Adobe AIR (Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (Version: 6)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Help Manager (Version: 4.0.244)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Amazon Games & Software Downloader (Version: 2.0.2.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Boggle
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
BurnInTest v7.1 Standard (Version: 7.1)
Canon Utilities ImageBrowser EX (Version: 1.0.1.32)
CCleaner (Version: 4.06)
Copy (Version: 130.0.428.000)
CPUID CPU-Z 1.64.0
CPUID HWMonitor 1.23
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocProc (Version: 13.0.0.0)
Dropbox (Version: 2.0.22)
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 130.0.371.000)
HandBrake 0.9.8 (Version: 0.9.8)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iTunes (Version: 11.1.0.126)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
PDF Settings CS6 (Version: 11.0)
Photo Gallery (Version: 16.4.3505.0912)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.5 (Version: 6.5.158)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
TeamViewer 8 (Version: 8.0.22298)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827228) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827235) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2810016) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2825633) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition
Update for Microsoft Word 2013 (KB2827218) 64-Bit Edition
VirtualCloneDrive
VLC media player 2.0.5 (Version: 2.0.5)
WebReg (Version: 130.0.132.017)
WinDirStat 1.1.2
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 94%
Total physical RAM: 3070.49 MB
Available physical RAM: 173.57 MB
Total Pagefile: 8807.69 MB
Available Pagefile: 869.02 MB
Total Virtual: 4095.88 MB
Available Virtual: 3952.79 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:238.37 GB) (Free:52.82 GB) NTFS
3 Drive d: (Fruit) (Fixed) (Total:596.17 GB) (Free:592.99 GB) NTFS
6 Drive m: (media) (Network) (Total:5548.34 GB) (Free:537.84 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\VEGGEEPUTER
 
Administrator            Barb                     Guest                    
UpdatusUser              
 
 
**** End of log ****
 
And my speccy snapshot:


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,900 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:30 AM

Posted 11 November 2013 - 05:19 PM

Some Insight Into SideBySide Errors

 

Percentage of memory in use: 94%            Total physical RAM: 3070.49 MB
Total Pagefile: 8807.69 MB                         Available Pagefile: 869.02 MB
Seems out of whack, IMO.  My percentage on this system is 26%.  You clearly have a RAM/memory issue that is not based on physical amount..
 
256MB NVIDIA GeForce 7300 GS (XFX Pine Group): 85 °C
I'd say that's out of line (high) for a system with what is reflected.
 
Although MSE is installed, it reflects a status of "disabled".  That's a problem, IMO.
 
Amazon Downloader is running...I would uninstall.

 

lsass.exe      Process ID: 612       User: SYSTEM       Domain: NT AUTHORITY       Path: C:\Windows\system32\lsass.exe
Memory Usage: 1.81 GB          Peak Memory Usage: 2.66 GB
I've never seen anything like this for this process...but those who know more than I seem to think that this can indicate infection.
 
Louis

Edited by hamluis, 10 December 2013 - 02:56 PM.


#5 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 11 November 2013 - 05:26 PM

I messed with the page file trying to get my mom some symptom relief. It didn't really work and I forgot to set it back. Sorry. 

 

MSE was disabled for all the work I was doing with the Malware forums guys. I forgot to re-enable it. Sorry.

 

I will get her a new video card. This seems unrelated to the problem at hand, but I agree, it is an issue. 

 

Lsass.exe using all the memory is specifically why I posted this ticket. Additionally, I have worked on this issue with the malware guys for weeks and they sent me here once they were sure it wasn't an infection. 

 

See this ticket if you want to see what we did: http://www.bleepingcomputer.com/forums/t/511926/lsassexe-consumes-mostall-available-memory


Edited by dtabachnick, 11 November 2013 - 05:28 PM.


#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,900 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:30 AM

Posted 11 November 2013 - 05:32 PM

My apologies...I wasn't ready to post but I apparently hit the button while I was checking out your MRL topic.  I agree...it's not a malware problem, based on opinions wiser than mine :).

 

I can't really point to any strategy, since I don't know what is occurring or why.

 

Best bet is to wait here until some of the more knowledgeable Advisors or members weigh in.

 

Louis



#7 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 11 November 2013 - 06:16 PM

No worries. I do appreciate the reply. I have fixed the MSE and swap space issues. I'll swap the vid card shortly as well. 



#8 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:30 AM

Posted 11 November 2013 - 10:34 PM

Does that same thing happen if you boot into Safe Mode?

#9 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 11 November 2013 - 11:35 PM

Please try updating also your BIOS to the latest version if not already done. http://www.gigabyte.com/products/product-page.aspx?pid=3265#bios


Tekken
 


#10 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 13 November 2013 - 01:35 PM

Safe mode and the BIOS update are good ideas. I won't have physical access to this system for a while, so I won't be able to try these until then. I'll update when I've done both. Thanks!



#11 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 14 November 2013 - 09:41 PM

Please do post back of the outcome. :)


Tekken
 


#12 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 23 November 2013 - 01:40 PM

This issue does not occur in safe mode.

 

That is not the correct link for the BIOS on this board. It is rev 1.1, so the BIOS is found here: http://www.gigabyte.com/products/product-page.aspx?pid=2989#bios

We currently have the latest non-beta BIOS (F11). Do you think the issue would be resolved if we updated to one of the beta releases?



#13 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 01 December 2013 - 11:47 PM

Does anyone have an idea for where we go from here? I can nuke and pave if it comes to that, but I was obviously hoping for a less drastic solution.

 

Thanks in advance.



#14 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 02 December 2013 - 06:17 PM

Have you tried the F12i BIOS version already?


Tekken
 


#15 dtabachnick

dtabachnick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 02 December 2013 - 06:19 PM

I did not.

1. The link was to the wrong bios page and 2. we currently have the latest non-beta BIOS (F11). Do you think the issue would be resolved if we updated to one of the beta releases? I can do this, but the directions were unclear. 


Edited by dtabachnick, 02 December 2013 - 06:19 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users