RAM fills to 70% a few minutes after OS loads


  • This topic is locked
3 replies to this topic

#1 mycomputerbroke

mycomputerbroke

  • Members
  • 2 posts

Posted 28 January 2018 - 03:53 AM

I encountered a new problem this morning upon booting my computer. Normally my idle RAM use sits around 20-30% after the OS completes startup but today it quickly went up to 70%, despite my cores showing almost no activity. CTRL + ALT + Delete gives me an error instead of giving me the screen with the option to start my task manager. If I attempt to take actions, my RAM fills up the rest of the way pretty quickly, and doing things like copying files or navigating any significantly sized folder or right clicking can freeze the computer for around 30 seconds.

I realize after reading some on here that I should have asked before running ComboFix, but that's usually been my go-to for significant issues so I just did it instinctually. Normally it'd take 10-20 minutes or maybe an hour when something is really messed up, but today it took about 12 hours to complete. I might as well post the log since I already did it, right? Any help would be appreciated. I'm going to clean the interior of the computer, but I doubt that's the issue because I cleaned it a little over a month ago. Maybe reseat some of the components, but the way the RAM was filling up slowly, to me, didn't seem like it would be a connection or seating issue.

ComboFix 18-01-10.01 - Goomba 01/27/2018  14:10:09.9.3 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3326.2326 [GMT -6:00]
Running from: c:\users\Goomba\Desktop\ComboFix.exe
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2017-12-28 to 2018-01-28  )))))))))))))))))))))))))))))))
.
.
2018-01-28 01:55 . 2018-01-28 01:55    --------    d-----w-    c:\users\Public\AppData\Local\temp
2018-01-28 01:55 . 2018-01-28 01:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2018-01-28 01:55 . 2018-01-28 01:55    --------    d-----w-    c:\users\Mcx1-MUSHROOMKINGDOM\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-27 20:26 . 2017-06-16 03:11    162240    ----a-w-    c:\windows\system32\drivers\MBAMChameleon.sys
2018-01-27 20:26 . 2017-06-16 03:11    65824    ----a-w-    c:\windows\system32\drivers\mwac.sys
2018-01-27 20:26 . 2017-06-16 03:11    85400    ----a-w-    c:\windows\system32\drivers\farflt.sys
2018-01-27 20:26 . 2017-06-16 03:11    40352    ----a-w-    c:\windows\system32\drivers\mbam.sys
2018-01-27 20:26 . 2014-05-03 20:15    221600    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-11-21 05:29 . 2017-10-11 03:44    124282896    -c--a-w-    c:\windows\system32\MRT-KB890830.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2017-09-20 7685808]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Vivaldi Update Notifier"="c:\users\Goomba\AppData\Local\Vivaldi\Application\update_notifier.exe" [2017-10-25 3780728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belvedere.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Belvedere.lnk
backup=c:\windows\pss\Belvedere.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
backup=c:\windows\pss\CodeMeter Control Center.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Goomba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Goomba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goomba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Goomba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goomba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Goomba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goomba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Splice for Windows.lnk]
path=c:\users\Goomba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Splice for Windows.lnk
backup=c:\windows\pss\Splice for Windows.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53    843712    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 23:42    499608    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 13:08    1523360    ----a-w-    c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_WN311B]
2007-09-21 17:02    2150400    ----a-w-    c:\program files\NETGEAR2\WN311B\Utility\WN311B.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2014-08-19 06:41    448856    ----a-w-    c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26    1861968    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-08-31 19:27    144200    ----atw-    c:\users\Goomba\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33    421776    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 19:08    205336    ----a-w-    c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 14:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-05-02 16:54    802136    ----a-w-    c:\program files\uTorrent\uTorrent.exe
.
3;2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-03 315488]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [x]
R3 BRDriver_1_3_3_E02B25FC;BRDriver_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-18 22176]
R3 DGFWBOOT;Bootloader Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\DRIVERS\dgfwboot.sys [2006-06-23 16896]
R3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\DRIVERS\digifw.sys [2006-06-23 156160]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2013-12-19 101936]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 NETGEAR;Netgear 802.11 Network Adapter Driver;c:\windows\system32\DRIVERS\wn311b.sys [2008-03-27 1187320]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-08-13 15872]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2011-06-15 50280]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys [2011-09-16 27752]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-13 121192]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2009-11-26 399424]
R3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-11-26 26688]
R3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-11-26 39488]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2011-06-15 50280]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-06-24 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2018-01-27 221600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-16 294400]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2005-10-26 11776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-09-18 14624]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 PrivateVPN Daemon;PrivateVPN Daemon;c:\program files\PrivateVPN Client\PrivateVpnDaemon.exe [2017-02-22 10752]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 27648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WN311BFCS;Netgear WN311B Wireless Control Service;c:\windows\system32\WN311BFCS.exe [2007-09-21 393216]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2018-01-27 40352]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2018-01-27 65824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc    REG_MULTI_SZ       DiagTrack
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Goomba\AppData\Roaming\Mozilla\Firefox\Profiles\h0mjw2xs.default\
.
"ImagePath"="\??\c:\windows\system32\drivers\BVRPMPR5.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\C:/Program Files/Perforce/P4VResources/p4ob.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2018-01-28  01:08:52
ComboFix-quarantined-files.txt  2018-01-28 07:07
ComboFix2.txt  2017-07-07 04:15
ComboFix3.txt  2016-06-29 00:36
ComboFix4.txt  2012-10-19 21:56
.
Pre-Run: 237,809,176,576 bytes free
Post-Run: 235,397,054,464 bytes free
.
- - End Of File - - 1C825A1D443C79DBA24ECA4438D95DE4
A36C5E4F47E84449FF07ED3517B43A31
 




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,736 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 28 January 2018 - 06:30 AM

mycomputerbroke:

 

I see from your logs that you have Malwarebytes installed.  I am assuming it is Malwarebytes Premium (MBP).  There was an issue with a component update with MBP yesterday.  It "broke" my computer too.

 

A component update fix has been pushed out by Malwarebytes.  See this link for more information.

 

Are you still having issues after you update MBP?  If so, please post FRST logs and I will assist you.  See these instructions.

 

I would advise you against running ComboFix unsupervised.  It is a very powerful utility and can cause a computer to become unbootable.  See this link for more information.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 mycomputerbroke

mycomputerbroke
  • Topic Starter

  • Members
  • 2 posts

Posted 28 January 2018 - 02:18 PM

That Malwarebytes update fixed it! Thanks Phil! Was worried my 10-year-old computer was dying.



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,736 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 28 January 2018 - 02:37 PM

mycomputerbroke:

 

Thank you for your post.  Glad to hear that everything is good to go.  A huge number of people were affected by that Malwarebytes component update.

 

I will lock this thread now.  Thanks for choosing Bleeping Computer to assist you with your computer issues.  Stay safe out there in cyberspace.  Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




