Sluggish ram hog

Discussion in 'Malware Help (A Specialist Will Reply)' started by sticky667, Jul 8, 2014.

  1. sticky667

    sticky667 Private E-2

    Hello,

    Please help me with viewing my logs.

    The past few weeks, my PC has been running slower and slower, and the resource gauge is showing the RAM as 95%+ all the time.

    Thanks in advance!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I need the logs from running Hitman and MGTools.

    In the meantime, rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry Entries : 22 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-799491678-2058301630-1154065169-1000\Software\Microsoft\Windows\CurrentVersion\Run | Best Buy pc app : C:\Users\JeremyFiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms  -> FOUND
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-799491678-2058301630-1154065169-1000\Software\Microsoft\Windows\CurrentVersion\Run | Best Buy pc app : C:\Users\JeremyFiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms  -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sshdaemon -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sshdaemon -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sshdaemon -> FOUND
    [ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 |  : C:\$Recycle.Bin\S-1-5-21-799491678-2058301630-1154065169-1000\$5a531f88ecf72c992eeda666b1cef55c\n.  -> FOUND
    [Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{5839fca9-774d-42a1-acda-d6a79037f57f}\InprocServer32 |  : C:\$Recycle.Bin\S-1-5-18\$5a531f88ecf72c992eeda666b1cef55c\o.  -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5839fca9-774d-42a1-acda-d6a79037f57f}\InprocServer32 |  : C:\$Recycle.Bin\S-1-5-18\$5a531f88ecf72c992eeda666b1cef55c\o.  -> FOUND
    ¤¤¤ Files : 46 ¤¤¤
    [Suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND
    [ZeroAccess][Junction] en-US -- C:\Program Files\Windows Defender\en-US [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpAsDesc.dll -- C:\Program Files\Windows Defender\MpAsDesc.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpClient.dll -- C:\Program Files\Windows Defender\MpClient.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpCmdRun.exe -- C:\Program Files\Windows Defender\MpCmdRun.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpCommu.dll -- C:\Program Files\Windows Defender\MpCommu.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpEvMsg.dll -- C:\Program Files\Windows Defender\MpEvMsg.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpOAV.dll -- C:\Program Files\Windows Defender\MpOAV.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpRTP.dll -- C:\Program Files\Windows Defender\MpRTP.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpSvc.dll -- C:\Program Files\Windows Defender\MpSvc.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MSASCui.exe -- C:\Program Files\Windows Defender\MSASCui.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpCom.dll -- C:\Program Files\Windows Defender\MsMpCom.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpLics.dll -- C:\Program Files\Windows Defender\MsMpLics.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpRes.dll -- C:\Program Files\Windows Defender\MsMpRes.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] Backup -- C:\Program Files\Microsoft Security Client\Backup [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] DbgHelp.dll -- C:\Program Files\Microsoft Security Client\DbgHelp.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] Drivers -- C:\Program Files\Microsoft Security Client\Drivers [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] en-us -- C:\Program Files\Microsoft Security Client\en-us [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] EppManifest.dll -- C:\Program Files\Microsoft Security Client\EppManifest.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpAsDesc.dll -- C:\Program Files\Microsoft Security Client\MpAsDesc.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpClient.dll -- C:\Program Files\Microsoft Security Client\MpClient.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpCmdRun.exe -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpCommu.dll -- C:\Program Files\Microsoft Security Client\MpCommu.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] mpevmsg.dll -- C:\Program Files\Microsoft Security Client\mpevmsg.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpOAv.dll -- C:\Program Files\Microsoft Security Client\MpOAv.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpRTP.dll -- C:\Program Files\Microsoft Security Client\MpRTP.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MpSvc.dll -- C:\Program Files\Microsoft Security Client\MpSvc.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MSESysprep.dll -- C:\Program Files\Microsoft Security Client\MSESysprep.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpCom.dll -- C:\Program Files\Microsoft Security Client\MsMpCom.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpEng.exe -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpLics.dll -- C:\Program Files\Microsoft Security Client\MsMpLics.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsMpRes.dll -- C:\Program Files\Microsoft Security Client\MsMpRes.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] msseces.exe -- C:\Program Files\Microsoft Security Client\msseces.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] msseoobe.exe -- C:\Program Files\Microsoft Security Client\msseoobe.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] msseooberes.dll -- C:\Program Files\Microsoft Security Client\msseooberes.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] MsseWat.dll -- C:\Program Files\Microsoft Security Client\MsseWat.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] NisIpsPlugin.dll -- C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] NisLog.dll -- C:\Program Files\Microsoft Security Client\NisLog.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] NisSrv.exe -- C:\Program Files\Microsoft Security Client\NisSrv.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] NisWFP.dll -- C:\Program Files\Microsoft Security Client\NisWFP.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] Setup.exe -- C:\Program Files\Microsoft Security Client\Setup.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] SetupRes.dll -- C:\Program Files\Microsoft Security Client\SetupRes.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] shellext.dll -- C:\Program Files\Microsoft Security Client\shellext.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] sqmapi.dll -- C:\Program Files\Microsoft Security Client\sqmapi.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] SymSrv.dll -- C:\Program Files\Microsoft Security Client\SymSrv.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    [ZeroAccess][Junction] SymSrv.yes -- C:\Program Files\Microsoft Security Client\SymSrv.yes [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND
    Reboot and rescan with RogueKiller and attach the new log along with the other requested logs.
     
